{"id":4741,"date":"2023-04-03T05:01:00","date_gmt":"2023-04-03T11:01:00","guid":{"rendered":"https:\/\/trustarc.com\/?post_type=resource&#038;p=4741"},"modified":"2024-10-08T13:22:44","modified_gmt":"2024-10-08T19:22:44","slug":"iowa-consumer-data-protection-act-background","status":"publish","type":"resource","link":"https:\/\/trustarc.com\/resource\/iowa-consumer-data-protection-act-background\/","title":{"rendered":"Background Brief: Iowa Consumer Data Protection Act"},"content":{"rendered":"\t\t<section id=\"block_fc7899fdd27ff090905e9195aa08b379\" class=\"resource-intro intro-simple\">\n\t\t\t<div class=\"container\">\n\t\t\t\t\t\t\t\t\t<strong class=\"sub-title block uppercase\">article<\/strong>\n\t\t\t\t\t\t\t\t\t\t<h1>Background Brief: Iowa Consumer Data Protection Act<\/h1>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t<section id=\"block_0d7cda9b5e09c169afde7eabd12c2fe8\" class=\"columns-content\">\n\t\t<div class=\"container\">\n\t\t\t<div class=\"left\">\n\t\t\t\t\t\t\t<\/div>\n\t\t\t<div class=\"middle\">\n\t\t\t\t<div class=\"content\">\n\t\t\t\t\t<p>Iowa became the sixth U.S. state to enact a detailed consumer data privacy law when the <a href=\"https:\/\/www.legis.iowa.gov\/docs\/publications\/LGE\/90\/SF262.pdf\" target=\"_blank\" rel=\"noopener\">Iowa Consumer Data Protection Act<\/a> was signed into law by Governor Kim Reynolds on March 28, 2023.<\/p>\n<p>Effective from January 1, 2025, the Act gives the state\u2019s citizens personal data privacy and protection rights as individuals but not in their employment or business contexts. Unlike similar legislation in other states, Iowa\u2019s data protection law does not include a provision requiring data controllers to honor universal opt-out signals, such as <a href=\"\/resource\/global-privacy-control\/\">Global Privacy Control (GPC)<\/a>.<\/p>\n<h2>Key dates: Iowa Consumer Data Privacy Law<\/h2>\n<ul>\n<li>October 2000 \u2013 Iowa Governor Thomas Vilsack commissions the Iowa Privacy Task Force to focus on the privacy of Iowans\u2019 health and financial information. The group begins polling citizens about their concerns.<\/li>\n<li>January 22, 2002 \u2013 The <a href=\"https:\/\/publications.iowa.gov\/17709\/1\/IA_privacy_TF.pdf&amp;ved=2ahUKEwin6JHC2f2FAxVyr1YBHXL0DAEQFnoECB8QAQ&amp;usg=AOvVaw0spyVoLDAuPqP0Ui11u_Tu\" target=\"_blank\" rel=\"noopener\">Iowa Privacy Task Force publishes its final report<\/a>, which includes a set of privacy principles for Iowans\u2019 sensitive financial and health information that aim to build on protections granted by federal legislation such as the <a href=\"\/regulations\/glba\/\">Gramm-Leach-Bliley Act<\/a>. Notably, principle 5 states: <em>\u201cIndividuals should have a reasonable right to access their personally identifiable health or financial information held by covered entities and the right to request corrections of inaccurate health or financial information\u201d.<\/em><\/li>\n<li>February 8, 2022 \u2013 A subcommittee meeting of the Iowa House Committee on Information Technology introduces <a href=\"https:\/\/www.legis.iowa.gov\/legislation\/BillBook?ba=HSB%20674&amp;ga=89\" target=\"_blank\" rel=\"noopener\">House Study Bill 674<\/a>: \u201cA bill for an act relating to consumer data protection, providing civil penalties and including effective date provisions\u201d.<\/li>\n<li>March 14, 2022 \u2013 The Iowa House Committee on Information Technology introduces House File 2506, an update on the consumer data protection bill. It is read for the first time in the House the next day.<\/li>\n<li>January 12, 2023 \u2013 The Bill now known as House Study Bill 12 is introduced to Iowa\u2019s House and referred to the committee for Economic Growth and Technology.<\/li>\n<li>January 23, 2023 \u2013 Iowa\u2019s consumer data privacy bill is introduced to the Senate (Senate Study Bill 1071) and referred to the Committee on Technology.<\/li>\n<li>February 13, 2023 \u2013 The Bill is introduced as Senate File 262 by the Committee on Technology and placed on the calendar. A committee report approving the bill is filed on the same day.<\/li>\n<li>March 6, 2023 \u2013 Iowa senators all vote in favor (47\u20130) to pass the consumer data privacy Bill.<\/li>\n<li>March 15, 2023 \u2013 Iowa\u2019s House of Representatives members vote unanimously (97\u20130) to pass the Bill, sending it to the Governor for signing.<\/li>\n<li>March 28, 2023 \u2013 Iowa Governor Kim Reynolds signs the Consumer Data Protection Act into law. <em>\u201cIn our digital age, it\u2019s never been more important to state, clearly and unmistakably, that consumers deserve a reasonable level of transparency and control over their personal data,\u201d<\/em> <a href=\"https:\/\/governor.iowa.gov\/press-release\/2023-03-28\/gov-reynolds-signs-sf-75-and-sf-262-law\" target=\"_blank\" rel=\"noopener\">says Governor Reynolds in a media release on Tuesday March 28, 2023<\/a>. <em>\u201cThat\u2019s exactly what this bill does, making Iowa just the sixth state to provide this kind of comprehensive protection.\u201d<\/em><\/li>\n<li>January 1, 2025 \u2013 Iowa\u2019s Consumer Data Protection Act goes into effect.<\/li>\n<\/ul>\n<h2>Consumer rights under the Iowa Consumer Data Protection Act<\/h2>\n<p>The definition of a consumer under the Iowa Consumer Data Protection Act is <em>\u201ca natural person who is a resident of the state acting only in an individual or household context and excluding a natural person acting in a commercial or employment context\u201d.<\/em> In this regard, the exclusion of Iowans\u2019 personal data at work or in business follows similar states\u2019 data privacy legislation.<\/p>\n<p>Personal data is also defined almost word-for-word the same as it is in other U.S. state privacy laws, with the same caveats: <em>\u201c\u2018Personal data\u2019 means any information that is linked or reasonably linkable to an identified or identifiable natural person. \u2018Personal data\u2019 does not include de-identified or aggregate data or publicly available information.\u201d<\/em><\/p>\n<p>Consumers in Iowa now have the following data privacy and protection rights, which they can exercise as \u2018an authenticated consumer\u2019 (or as an authenticated parent or legal guardian of a child) by sending a request to a controller:<\/p>\n<ul>\n<li><strong>Right to confirm \/ right to know<\/strong> whether their personal data is being processed by a controller and what personal data is held. A caveat for this right is mentioned in Section 7, Limitations: \u201cThis chapter shall not require a controller, processor, third party, or consumer to disclose trade secrets\u201d.<\/li>\n<li><strong>Right to delete<\/strong> their personal data they\u2019ve previously provided to the controller.<\/li>\n<li><strong>Right to portability \/ obtain a copy<\/strong> of their personal data they\u2019ve previously provided to the controller in a format that is \u201cto the extent technically practicable\u201d, readily usable and allows the consumer to transmit the data to another controller without hindrance, where the processing is carried out by automated means. An exception is when that personal information is subject to security breach protection.<\/li>\n<li><strong>Right to opt-out of sale<\/strong> of their personal data.<\/li>\n<\/ul>\n<p>Controllers are required to respond within 90 days to consumers\u2019 requests to exercise their rights under the Act. Any information provided by a controller to a consumer under these rights must be provided at no cost to the consumer, up to twice in a year per consumer.<\/p>\n<p>Controllers are not required to comply with requests from consumers they cannot reasonably authenticate.<\/p>\n<p><strong>Note:<\/strong> Unlike many other states\u2019 data protection regulations, Iowa\u2019s privacy law does not include the consumer right to correct inaccuracies in records of personal data.<\/p>\n<p>It also does not require controllers to get opt-in consent from consumers to collect and process sensitive data but they must give consumers an opt-out choice \u2013 see below. And it does not include a consumer right to opt-out from profiling.<\/p>\n<h3>Processing of sensitive data and non-discrimination<\/h3>\n<p>Although not listed under consumer rights, Section 4 notes controllers are not permitted to <strong>process sensitive data<\/strong> collected from a consumer for a non-exempt purpose (see below) without first giving consumers a clear notice and an opt-out mechanism.<\/p>\n<p>All personal information collected from a known child is classified as \u2018sensitive data\u2019 and it must be processed in compliance with the <a href=\"\/resource\/coppa-compliance-made-easy-keep-kids-in-mind\/\">Children\u2019s Online Privacy Protection Act 1998 (COPPA)<\/a>.<\/p>\n<p>The Iowa Consumer Data Protection Act defines \u2018sensitive data\u2019 as information about a person\u2019s:<\/p>\n<ul>\n<li>Racial or ethnic origin<\/li>\n<li>Religious beliefs<\/li>\n<li>Mental or physical health condition or diagnosis<\/li>\n<li>Sexual orientation<\/li>\n<li>Citizenship or immigration status<\/li>\n<li>Genetic or biometric data that is processed for the purpose of uniquely identifying a natural person<\/li>\n<li>Precise geolocation (<em>\u201cincluding but not limited to global positioning system level latitude and longitude coordinates or other mechanisms, that identifies the specific location of a natural person with precision and accuracy within a radius of one thousand seven hundred fifty feet.\u201d<\/em>)<\/li>\n<\/ul>\n<p>However, the definition of \u2018precise geolocation data\u2019 does not include the content of communications or data generated by or connected to utility meters.<br \/>\nSection 4 of the Act also states controllers cannot discriminate against consumers for exercising their rights (by <em>\u201cdenying goods or services, charging different prices or rates for goods or services, or providing a different level of quality of goods and services to the consumer.\u201d<\/em>)<\/p>\n<h2>Applicability: Businesses subject to Iowa data privacy legislation<\/h2>\n<p>Iowa\u2019s data privacy legislation applies to a person that:<\/p>\n<ul>\n<li>Conducts business in Iowa; or<\/li>\n<li>Produces products or services that are targeted to consumers who are residents of Iowa; and<\/li>\n<\/ul>\n<p>During a calendar year does either of the following:<\/p>\n<ul>\n<li>Controls or processes personal data of at least 100,000 consumers;<br \/>\nor<\/li>\n<li>Controls or processes personal data of at least 25,000 consumers and derives more than 50% of gross revenue from the sale of personal data.<\/li>\n<\/ul>\n<p><strong>Note:<\/strong> Like <a href=\"\/resource\/montana-consumer-data-privacy-act-background\/\">Montana\u2019s Consumer Data Privacy Act<\/a> there is no minimum revenue threshold for organizations, which means even very small businesses and sole traders are subject to Iowa\u2019s data protection law if they meet other applicability criteria.<\/p>\n<h3>Exemptions under the Iowa Consumer Data Protection Act<\/h3>\n<p>The requirements of Iowa\u2019s data protection law do not apply to:<\/p>\n<ul>\n<li>The state of Iowa or any political subdivisions of the state;<\/li>\n<li>Financial institutions, their affiliates or data subject to the <a href=\"https:\/\/www.ftc.gov\/business-guidance\/privacy-security\/gramm-leach-bliley-act\" target=\"_blank\" rel=\"noopener\">Gramm-Leach-Bliley Act<\/a>;<\/li>\n<li>People who are subjects to and must comply with two federal health Acts: <a href=\"\/resource\/hipaa-compliance-privacy-solutions\/\">Health Insurance Portability and Accountability Act (HIPAA)<\/a>, and Health<\/li>\n<li>Information Technology for Economic and Clinical Health Act (HITECH);<\/li>\n<li>Nonprofit organizations; and<\/li>\n<li>Institutions of higher education.<\/li>\n<\/ul>\n<p>Information and data also exempt from the requirements of the Act includes:<\/p>\n<ul>\n<li>Protected health information under HIPAA;<\/li>\n<li>Health records;<\/li>\n<li>Information and documents created for purposes of the federal <a href=\"https:\/\/www.govinfo.gov\/content\/pkg\/USCODE-2011-title42\/html\/USCODE-2011-title42-chap117.htm\" target=\"_blank\" rel=\"noopener\">Health Care Quality Improvement Act<\/a> (42 U.S.C); and patient identifying information and patient safety work product for purposes of the federal <a href=\"https:\/\/www.govinfo.gov\/content\/pkg\/USCODE-2010-title42\/html\/USCODE-2010-title42-chap6A-subchapIII-A-partD-sec290dd-2.htm\" target=\"_blank\" rel=\"noopener\">Patient Safety and Quality Improvement Act<\/a>;<\/li>\n<li>Identifiable private information for purposes of the federal policy for the protection of human subjects under <a href=\"https:\/\/www.hhs.gov\/ohrp\/regulations-and-policy\/regulations\/45-cfr-46\/index.html\" target=\"_blank\" rel=\"noopener\">45 CFR 46<\/a>;<\/li>\n<li>Information covered by the protection of human subjects under <a href=\"https:\/\/www.ecfr.gov\/current\/title-21\/chapter-I\/subchapter-A\/part-50\" target=\"_blank\" rel=\"noopener\">21 CFR 50<\/a> and <a href=\"https:\/\/www.ecfr.gov\/current\/title-21\/chapter-I\/subchapter-A\/part-56\" target=\"_blank\" rel=\"noopener\">21 CFR 56<\/a>;<\/li>\n<li>Personal data collected, maintained, disclosed, sold or used in compliance with the federal <a href=\"https:\/\/www.consumer.ftc.gov\/sites\/default\/files\/articles\/pdf\/pdf-0111-fair-credit-reporting-act.pdf\" target=\"_blank\" rel=\"noopener\">Fair Credit Reporting Act<\/a>;<\/li>\n<li>Personal data collected, processed, sold or disclosed in compliance with the federal <a href=\"https:\/\/www.govinfo.gov\/app\/details\/USCODE-2011-title18\/USCODE-2011-title18-partI-chap123-sec2721\" target=\"_blank\" rel=\"noopener\">Driver\u2019s Privacy Protection Act<\/a>;<\/li>\n<li>Personal data regulated by the <a href=\"https:\/\/ojjdp.ojp.gov\/library\/publications\/guide-family-educational-rights-and-privacy-act\" target=\"_blank\" rel=\"noopener\">Family Educational Rights and Privacy Act<\/a>;<\/li>\n<li>Personal data collected, processed, sold or disclosed in compliance with the federal <a href=\"https:\/\/www.govinfo.gov\/app\/details\/USCODE-2021-title12\/USCODE-2021-title12-chap23-sec2001\" target=\"_blank\" rel=\"noopener\">Farm Credit Act<\/a>;<\/li>\n<li>Personal data used in accordance with the federal <a href=\"\/regulations\/coppa\/\">Children\u2019s Online Privacy Protection Act of 1998 (COPPA)<\/a>;<\/li>\n<li>Data about an individual in an employment context, including emergency contact information and administering their benefits for another person.<\/li>\n<\/ul>\n<h2>Controller compliance requirements under the Iowa Consumer Data Protection Act<\/h2>\n<p>Under Iowa\u2019s data protection legislation, controllers must:<\/p>\n<ul>\n<li>Comply with authenticated consumer requests to exercise their personal data rights within 90 days;<\/li>\n<li>Adopt and implement reasonable data security practices to protect the confidentiality, integrity and accessibility of personal data. These practices must be appropriate to the volume and nature of the personal data;<\/li>\n<li>Provide consumers with a clear notice and an opportunity to opt-out of the collection of their sensitive data (unless the data is exempt, as outlined above);<\/li>\n<li>Not process personal data in violation of state and federal laws that prohibit unlawful discrimination against a consumer; and<\/li>\n<li>Publish a reasonably accessible, clear and meaningful privacy notice.<\/li>\n<\/ul>\n<h3>Iowa Data Privacy Law privacy notice requirements<\/h3>\n<p>A privacy notice must include the following information:<\/p>\n<ul>\n<li>Categories of personal data processed by the controller;<\/li>\n<li>Categories of personal data shared by the controller with third parties, if any; and the categories of any third parties;<\/li>\n<li>Purpose for processing personal data;<\/li>\n<li>Instructions on how a consumer may exercise their consumer rights via a secure and reliable means that allows the controller to authenticate a consumer;<\/li>\n<li>Instructions on how a consumer can appeal a controller\u2019s decision regarding a rights request; and<\/li>\n<li>Disclosure if the controller sells a consumer\u2019s personal data to third parties or engages in targeted advertising \u2013 this information must be displayed in a clear notice and give consumers a means to opt-out from such activities.<\/li>\n<\/ul>\n<h3>Processor compliance under Iowa\u2019s data privacy law<\/h3>\n<p>Processors must enter contracts with controllers and assist with meeting controller compliance obligations, such as responding to consumer rights requests and notification of data breaches.<\/p>\n<p>A contract between a processor and a controller must include:<\/p>\n<ul>\n<li>Instructions for processing personal data;<\/li>\n<li>Nature and purpose of the processing;<\/li>\n<li>Type\/s of date subject to processing;<\/li>\n<li>Duration of the processing;<\/li>\n<li>Requirement for the processor to delete or return all personal data when directed to by the controller at the end of the contract, unless retention of the personal data is required by law; and<\/li>\n<li>Rights and responsibilities of both parties;<\/li>\n<li>Requirement for the processor to engage any subcontractors or agents with a written contract ensuring they meet the processor\u2019s duties when processing personal data;<\/li>\n<li>Requirement for the processor to ensure each person processing personal data complies with data confidentiality and other compliance rules.<\/li>\n<\/ul>\n<h2>Enforcement of Iowa data privacy legislation<\/h2>\n<p>The Iowa Attorney General (AG) has exclusive authority to investigate and enforce violations of the Iowa Consumer Data Protection Act. There is no private right of action available.<\/p>\n<p>If the AG plans to initiate an action against a business for an alleged violation of the act, it must first give the business written notice and a 90 day cure period. After this time, the AG can pursue penalties of up to $7,500 per violation, regardless of whether the violation was found to be accidental or intentional.<\/p>\n\t\t\t\t\t\t\t\t\t<div class=\"question-box-multiple\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"question-box bg-white\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Online-Privacy_Small.svg\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>Nymity Research<\/h4>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p>Stay up to date on hundreds of global privacy laws, regulations, and standards.<\/p>\n<a href=\"\/free-trial\/nymity-research\/\" class=\"cta\">Start today<\/a>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"question-box bg-white\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Data-Lock_Small.svg\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>Automate your compliance program<\/h4>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p>Use PrivacyCentral to streamline privacy compliance across all relevant jurisdictions.<\/p>\n<a href=\"\/products\/privacy-data-governance\/privacycentral\/\" class=\"cta\">Learn more<\/a>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t<div class=\"right sm\">\n\t\t\t\t<div class=\"share-it\">\n\t\t\t\t\t<strong class=\"title block uppercase\">Follow us<\/strong>\n\t\t\t\t\t<div class=\"soc-list\">\n\t\t\t\t\t\t<a href=\"https:\/\/www.linkedin.com\/company\/trustarc\/\" target=\"_blank\"><img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/li-dark.svg\" alt=\"\" \/><\/a>\n\t\t\t\t\t\t<a href=\"\nhttps:\/\/twitter.com\/TrustArc\" target=\"_blank\"><img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/tw-dark.svg\" alt=\"\" \/><\/a>\n\t\t\t\t\t\t<a href=\"javascript:;\" id=\"copy-url\"><img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/link-dark.svg\" alt=\"\" \/><\/a>\n\t\t\t\t\t\t<span class=\"copied\" style=\"display:none;\">Link Copied!<\/span>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"key-topics\">\n\t\t\t\t\t\t<strong class=\"title block uppercase\">Key Topics<\/strong>\n\t\t\t\t\t\t<ul>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li><a href=\"https:\/\/trustarc.com\/topic-resource\/data-privacy\/\" class=\"badge\">Data Privacy<\/a><\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li><a href=\"https:\/\/trustarc.com\/topic-resource\/us-consumer-privacy-laws\/\" class=\"badge\">US Consumer Privacy Laws<\/a><\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"cta-area\">\n\t\t\t\t\t<p>Get the latest resources sent to your inbox<\/p>\n\t\t\t\t\t<a href=\"\/subscription-center\/\" class=\"cta\">Subscribe<\/a>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/section>\n\t","protected":false},"excerpt":{"rendered":"<p> Iowa became the sixth U.S. state to enact a detailed data privacy law with the Consumer Data Protection Act giving citizens personal data privacy and protection rights.<\/p>\n","protected":false},"featured_media":1261,"template":"","topic-resource":[55,114],"type-resource":[6],"class_list":["post-4741","resource","type-resource","status-publish","has-post-thumbnail","hentry","topic-resource-data-privacy","topic-resource-us-consumer-privacy-laws","type-resource-articles"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.4 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Background Brief: Iowa Consumer Data Protection Act | TrustArc<\/title>\n<meta name=\"description\" content=\"Iowa became the sixth U.S. state to enact a detailed data privacy law with the Consumer Data Protection Act giving citizens personal data privacy and protection rights.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/trustarc.com\/resource\/iowa-consumer-data-protection-act-background\/\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/iowa-consumer-data-protection-act-background\\\/\",\"url\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/iowa-consumer-data-protection-act-background\\\/\",\"name\":\"Background Brief: Iowa Consumer Data Protection Act | TrustArc\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/trustarc.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/iowa-consumer-data-protection-act-background\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/iowa-consumer-data-protection-act-background\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/trustarc.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/res-feat-woven-gray-test.png\",\"datePublished\":\"2023-04-03T11:01:00+00:00\",\"dateModified\":\"2024-10-08T19:22:44+00:00\",\"description\":\"Iowa became the sixth U.S. state to enact a detailed data privacy law with the Consumer Data Protection Act giving citizens personal data privacy and protection rights.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/trustarc.com\\\/resource\\\/iowa-consumer-data-protection-act-background\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/iowa-consumer-data-protection-act-background\\\/#primaryimage\",\"url\":\"https:\\\/\\\/trustarc.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/res-feat-woven-gray-test.png\",\"contentUrl\":\"https:\\\/\\\/trustarc.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/res-feat-woven-gray-test.png\",\"width\":610,\"height\":152},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/#website\",\"url\":\"https:\\\/\\\/trustarc.com\\\/\",\"name\":\"TrustArc\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/trustarc.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Background Brief: Iowa Consumer Data Protection Act | TrustArc","description":"Iowa became the sixth U.S. state to enact a detailed data privacy law with the Consumer Data Protection Act giving citizens personal data privacy and protection rights.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/trustarc.com\/resource\/iowa-consumer-data-protection-act-background\/","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/trustarc.com\/resource\/iowa-consumer-data-protection-act-background\/","url":"https:\/\/trustarc.com\/resource\/iowa-consumer-data-protection-act-background\/","name":"Background Brief: Iowa Consumer Data Protection Act | TrustArc","isPartOf":{"@id":"https:\/\/trustarc.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/trustarc.com\/resource\/iowa-consumer-data-protection-act-background\/#primaryimage"},"image":{"@id":"https:\/\/trustarc.com\/resource\/iowa-consumer-data-protection-act-background\/#primaryimage"},"thumbnailUrl":"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/01\/res-feat-woven-gray-test.png","datePublished":"2023-04-03T11:01:00+00:00","dateModified":"2024-10-08T19:22:44+00:00","description":"Iowa became the sixth U.S. state to enact a detailed data privacy law with the Consumer Data Protection Act giving citizens personal data privacy and protection rights.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/trustarc.com\/resource\/iowa-consumer-data-protection-act-background\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/trustarc.com\/resource\/iowa-consumer-data-protection-act-background\/#primaryimage","url":"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/01\/res-feat-woven-gray-test.png","contentUrl":"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/01\/res-feat-woven-gray-test.png","width":610,"height":152},{"@type":"WebSite","@id":"https:\/\/trustarc.com\/#website","url":"https:\/\/trustarc.com\/","name":"TrustArc","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/trustarc.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/resource\/4741","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/types\/resource"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/media\/1261"}],"wp:attachment":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/media?parent=4741"}],"wp:term":[{"taxonomy":"topic-resource","embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/topic-resource?post=4741"},{"taxonomy":"type-resource","embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/type-resource?post=4741"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}